Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Oonidata #116

Closed
wants to merge 20 commits into from
Closed

Oonidata #116

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
3f47921
Retrieve digital ocean token from parameter store
hellais Nov 25, 2024
2638566
Change ECS cluster instance sizes
hellais Nov 25, 2024
fee97f3
Add support for deploying oonibackend proxy nginx proxy
hellais Nov 25, 2024
0a0eea9
Change default task memory
hellais Nov 25, 2024
a019a3c
Fix duplicate service name
hellais Nov 25, 2024
301e16a
Drop backendproxy
hellais Nov 25, 2024
cc72935
Point oonifindings to oonidata branch
hellais Nov 25, 2024
f5b0e13
Add clickhouseproxy setup
hellais Nov 25, 2024
57dda33
Add clickhouse proxy nftable rules
hellais Nov 25, 2024
7512a3b
Add extra path rules for oonidata endpoint
hellais Nov 26, 2024
94338ad
Fix labeling of reverse proxy
hellais Nov 26, 2024
b6866f3
Fix typo
hellais Nov 26, 2024
96657f9
Bump up size of ecs_cluster
hellais Nov 26, 2024
534a8a6
Use readonly user password
hellais Nov 26, 2024
1ef8815
Add ssm permission to service task
hellais Nov 26, 2024
7a1d062
Add scripts related to migrating backend-fsn tables over to cluster
hellais Nov 27, 2024
10e596e
Add more schema updates
hellais Nov 28, 2024
118030f
Don't setup node_exporter as part of bootstrap role
hellais Dec 3, 2024
0a8be55
Re-organization of monitoring
hellais Dec 4, 2024
1b1a6b5
Align job_name
hellais Dec 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions ansible/deploy-clickhouse.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
- name: Deploy oonidata clickhouse hosts
hosts:
- notebook.ooni.org
- data1.htz-fsn.prod.ooni.nu
#- data2.htz-fsn.prod.ooni.nu
- data3.htz-fsn.prod.ooni.nu
become: true
tags:
- clickhouse
roles:
- prometheus_node_exporter
- oonidata_clickhouse
12 changes: 12 additions & 0 deletions ansible/deploy-monitoring.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
- name: Update monitoring config
hosts: monitoring.ooni.org
become: true
tags:
- monitoring
roles:
- prometheus
- prometheus_blackbox_exporter
- prometheus_alertmanager


19 changes: 19 additions & 0 deletions ansible/deploy-tier0.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
---
- name: Include monitoring playbook
ansible.builtin.import_playbook: deploy-monitoring.yml

- name: Include clickhouse playbook
ansible.builtin.import_playbook: deploy-clickhouse.yml

- name: Deploy oonidata worker nodes
hosts:
- data1.htz-fsn.prod.ooni.nu
become: true
tags:
- oonidata_worker
roles:
- oonidata
vars:
enable_jupyterhub: false
enable_oonipipeline_worker: true
clickhouse_url: "clickhouse://write:{{ lookup('amazon.aws.aws_ssm', '/oonidevops/secrets/clickhouse_write_password', profile='oonidevops_user_prod') | hash('sha256') }}@clickhouse1.prod.ooni.io/ooni"
25 changes: 25 additions & 0 deletions ansible/deploy-tier2.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
- name: Setup OpenVPN server
hosts: openvpn-server1.ooni.io
become: true
remote_user: root
roles:
- ssh_users

- name: Deploy notebook host
hosts: notebook.ooni.org
become: true
tags:
- notebook
vars:
enable_oonipipeline_worker: false
roles:
- oonidata

# commented out due to the fact it requires manual config of ~/.ssh/config
#- name: Setup codesign box
# hosts: codesign-box
# become: true
# remote_user: ubuntu
# roles:
# - codesign_box
2 changes: 2 additions & 0 deletions ansible/group_vars/all/vars.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,5 @@ admin_usernames: [ art, mehul ]
root_usernames: [ art, mehul ]
non_admin_usernames: [ ]
deactivated_usernames: [ sbs, federico, sarath ]

prometheus_metrics_password: "{{ lookup('amazon.aws.aws_secret', 'oonidevops/ooni_services/prometheus_metrics_password', profile='oonidevops_user_prod') }}"
22 changes: 21 additions & 1 deletion ansible/group_vars/clickhouse/vars.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ nftables_clickhouse_allow:
ip: 168.119.7.188
- fqdn: notebook.ooni.org
ip: 138.201.19.39
- fqdn: clickhouseproxy.dev.ooni.io
ip: "{{ lookup('dig', 'clickhouseproxy.dev.ooni.io/A') }}"

nftables_zookeeper_allow:
- fqdn: data1.htz-fsn.prod.ooni.nu
Expand All @@ -24,7 +26,7 @@ clickhouse_config:
max_connections: 4096
keep_alive_timeout: 3
max_concurrent_queries: 100
max_server_memory_usage: 0
max_server_memory_usage: 21001001000
max_thread_pool_size: 10000
max_server_memory_usage_to_ram_ratio: 0.9
total_memory_profiler_step: 4194304
Expand Down Expand Up @@ -154,6 +156,10 @@ clickhouse_distributed_ddl:
clickhouse_default_profiles:
default:
readonly: 2
max_memory_usage: 11001001000
use_uncompressed_cache: 0
load_balancing: random
max_partitions_per_insert_block: 100
readonly:
readonly: 1
write:
Expand Down Expand Up @@ -194,3 +200,17 @@ clickhouse_default_quotas:
result_rows: 0
read_rows: 0
execution_time: 0

clickhouse_prometheus:
endpoint: "/metrics"
port: 9363
metrics: true
events: true
asynchronous_metrics: true
status_info: true

prometheus_nginx_proxy_config:
- location: /metrics/node_exporter
proxy_pass: http://127.0.0.1:8100/metrics
- location: /metrics/clickhouse
proxy_pass: http://127.0.0.1:9363/metrics
24 changes: 13 additions & 11 deletions ansible/inventory
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,22 +1,24 @@
[all]
# This requires manual setup of ~/.ssh/config
#codesign-box
[all:children]
htz-fsn
ghs-ams

[prod]
data.ooni.org
oonidata.ooni.org
monitoring.ooni.org
openvpn-server1.ooni.io
## Role tags

[clickhouse]
notebook.ooni.org
data1.htz-fsn.prod.ooni.nu
data2.htz-fsn.prod.ooni.nu
data3.htz-fsn.prod.ooni.nu

[dev]
oonidatatest.ooni.nu
## Location tags

[clickhouse]
[htz-fsn]
data.ooni.org
monitoring.ooni.org
notebook.ooni.org
data1.htz-fsn.prod.ooni.nu
data2.htz-fsn.prod.ooni.nu
data3.htz-fsn.prod.ooni.nu

[ghs-ams]
openvpn-server1.ooni.io
63 changes: 4 additions & 59 deletions ansible/playbook.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,63 +7,8 @@
tags:
- bootstrap

- name: Update monitoring config
hosts: monitoring.ooni.org
become: true
tags:
- monitoring
roles:
- prometheus
- prometheus_blackbox_exporter
- prometheus_alertmanager

- name: Setup OpenVPN server
hosts: openvpn-server1.ooni.io
become: true
remote_user: root
roles:
- ssh_users

- name: Deploy oonidata clickhouse hosts
hosts:
- data1.htz-fsn.prod.ooni.nu
#- data2.htz-fsn.prod.ooni.nu
- data3.htz-fsn.prod.ooni.nu
- notebook.ooni.org
become: true
tags:
- clickhouse
roles:
#- tailnet
- oonidata_clickhouse

- name: Deploy oonidata worker nodes
hosts:
- data1.htz-fsn.prod.ooni.nu
become: true
tags:
- oonidata_worker
roles:
- oonidata
vars:
enable_jupyterhub: false
enable_oonipipeline_worker: true
clickhouse_url: "clickhouse://write:{{ lookup('amazon.aws.aws_ssm', '/oonidevops/secrets/clickhouse_write_password', profile='oonidevops_user_prod') | hash('sha256') }}@clickhouse1.prod.ooni.io/ooni"

- name: Deploy notebook host
hosts: notebook.ooni.org
become: true
tags:
- notebook
vars:
enable_oonipipeline_worker: false
roles:
- oonidata
- name: Include tier0 playbook
ansible.builtin.import_playbook: deploy-tier0.yml

# commented out due to the fact it requires manual config of ~/.ssh/config
#- name: Setup codesign box
# hosts: codesign-box
# become: true
# remote_user: ubuntu
# roles:
# - codesign_box
- name: Include tier2 playbook
ansible.builtin.import_playbook: deploy-tier2.yml
1 change: 0 additions & 1 deletion ansible/requirements.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
- src: willshersystems.sshd
- src: nginxinc.nginx
- src: geerlingguy.certbot
- src: geerlingguy.node_exporter
- src: artis3n.tailscale
- src: https://github.com/idealista/clickhouse_role
scm: git
Expand Down
5 changes: 0 additions & 5 deletions ansible/roles/bootstrap/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,11 +55,6 @@
tags:
- nftables

- ansible.builtin.include_role:
name: prometheus_node_exporter
tags:
- node_exporter

- name: Configure journald
tags:
- journald
Expand Down
1 change: 1 addition & 0 deletions ansible/roles/nginx/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
nginx_user: nginx
Loading
Loading